Slashdot Mirror


Longhorn Server's "Improved" Security

An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"

16 of 151 comments

  1. Don't see how it matters really by also-rr · · Score: 3, Funny
    There are CIOs just lining up to sign the purchase authority forms as we speak.

    Ohhh, new windows? And this one has transparency! That's going to make the spreadsheets* fly!

    *sigh*

    *By which they mean databases. Or possibly Word. Who knows the mind of a CIO?
    1. Re:Don't see how it matters really by vtcodger · · Score: 3, Funny
      "*By which they mean databases. Or possibly Word. Who knows the mind of a CIO?"

      CIOs have minds? Who knew?

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  2. How Kind of You by eldavojohn · · Score: 5, Insightful

    In the summary you linked to the text "most secure Windows ever" where the title of the Slashdot article is "Microsoft Says Vista Most Secure OS Ever." You'll notice that the former doesn't really cause my blood to boil because I don't care which Windows is more secure. The latter, however, prompts 440 comments and the tag "lol" to appear.

    You see, one is a logical statement because one would hope that newer OS's become more secure than their ancestors, while the other results in "You have offended my operating system of choice, prepare to die..."

    --
    My work here is dung.
    1. Re:How Kind of You by enharmonix · · Score: 3, Funny

      You keep using that word. I do not think it means what you think it means.

  3. default password by gEvil+(beta) · · Score: 4, Funny

    I heard a rumor that the default admin password is "chair"

    --
    This guy's the limit!
    1. Re:default password by entrylevel · · Score: 5, Funny

      You just FUCKING KILLED any hope of this being the most secure Windows ever!

      --
      Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
    2. Re:default password by PPH · · Score: 5, Funny

      If you try 'chair', it will be thrown as an exception.

      --
      Have gnu, will travel.
  4. Asparagus by justinbach · · Score: 4, Funny
    "To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"
    I think I'd want to check with the corn on that one--after all, aren't they the ones with *ears*?
    *ducks*
    --
    I left my wallet in El Segundo!
  5. Did you know? by Anonymous Coward · · Score: 5, Informative

    Accounts with blank passwords CANNOT be used as a network credential EVER! No remote service. No terminal server. No shares. No printer. No nothing! Since XP SP1.

    Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.

  6. Re:If this is true... by From+A+Far+Away+Land · · Score: 3, Informative

    Don't forget that it includes PVP DRM, meaning Microsoft can compel your monitor not to show video unless it's sure that you've bought a commercial video disc.

  7. This is a beta OS. Everything can and will change. by postbigbang · · Score: 3, Informative

    Lots of testers and researchers give VERY LOW SCORES when passwords aren't treated like they ought to be. What with machines that can do 100,000+ dictionary attacks per second, busting weak passwords is comparative child's play.

    So it's a bit specious to lob this at Microsoft, when the operating system isn't even due to be at RC for as much as a year. If you use this in production environments, you're not very wise.

    Not that I particularly like Microsoft, but fair is fair-- this is far from release code.

    --
    ---- Teach Peace. It's Cheaper Than War.
  8. Re:If the author is creating a new domain in Longh by Utopia · · Score: 3, Informative

    I should also point out that by default the machine administrator account is disabled.
    So no amount of password-cracking software will let you log in as admin.

  9. Right, this is a question of physical security by brokeninside · · Score: 5, Insightful
    Physical access to a machine already gives a local attacker everything they need to change the admin password. If it's a Linux box, it's simply a matter of booting into single user mode. If it's a Windows box, it's simply a matter of using any of half a dozen freely available utilities.

    But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical access only account. I don't see how that is startlingly insecure. In fact, it's a step in the right direction.

  10. Sounds like a bug in the installer by PPGMD · · Score: 3, Insightful
    IMO it simply sounds like a bug in the installer. Windows 2000 and 2003 both asked you to set the default administrator password during the install; it sounds like someone forgot to put that in the install options. It's an early beta, with 6 months or more until release, and bugs like these often happen.

    If it makes its way into the shipping product, at least how it's described, I'll eat my own hat.

  11. Well, on the other hand... by Jugalator · · Score: 3, Insightful

    Any admin that has such a non-existent sense of security that he/she doesn't bother setting any admin password, regardless of whether the setup routine forces the admin to do it or not at some point, has pretty much doomed the overall security of that system anyway. An admin that needs to be nannied through every aspect of setting up a server, including such basic things as checking that the passwords are OK, shouldn't really touch a live server somehow related to network connectivity.

    --
    Beware: In C++, your friends can see your privates!
  12. I *really* hate to come out swinging for MS... by Dputiger · · Score: 3, Interesting
    But I have to, as far as the Dave Barry quote goes, especially since it wasn't even related to the story being linked. I've used every Windows OS going back to 2.0, and run my main system on 95, 98SE, ME (briefly, and just to see if it was really that bad), 2K, and XP. I've done tech support for both businesses and consumers, I've built systems for people, and I've reviewed computer hardware for years--and in the process of doing all that, I've seen a lot of Windows installations on a lot of different hardware, from brand-new to dying of old age.

    There are a lot of things I don't like about Microsoft, and there are a lot of areas where I think their products could be improved and streamlined--but I think a lot of people (both here and elsewhere) throw out disparaging remarks about XP in certain areas just because it's fashionable, or convenient, especially about system stability. XP may have had its kinks early on, but I'd say it's been incredibly stable / reliable since at least SP1. I reboot my home rig, on average, maybe once a month--and that's typically a choice, not a forced situation. I've had one hard crash / reboot situation in the past 6 months. It's not just a system that sits idle all day, either--I work from home, game, and do all my multimedia / browsing, IM'ing, etc, all from the same box. Now yes, if you start to factor security updates into the "reliability" equation, WindowsXP starts to look a bit less shiny. If you assume that "WindowsXP" also means "WindowsXP + IE6", that's even worse...but hey, that's why I use Firefox.

    People can argue that they hate the XP GUI--that's opinion. You can argue it's bloated, or you hate WGA, or Product Activation, or whatever, and you can argue about security issues all day long. But measured in terms of basic reliability--no BSODs, no inexplicable driver failures or failed device detection, and no random reboots--XP blows the doors off any of the Win9X products, and is arguably better than 2K in some performance and multimedia areas. (Hyper-Threading is the one area where I distinctly remember XP outperforming 2K--other areas I'd have to dig for at the moment).

    I'm all for calling a spade a spade, but part of doing that fairly means admitting when a company gets something right--and anyone still pretending that Microsoft hasn't made huge strides in stability, reliability, features, and performance since the Win9X days needs to go out and actually try to set up (and then modify) a 98SE box. I've had to do so recently, and it's not a pretty picture. I still remember how to jump through all the various hoops, but that doesn't mean I miss them.